Introduction
In modern cloud-native applications, managing configuration and sensitive data efficiently and securely is essential. Kubernetes addresses this need with ConfigMaps and Secrets. ConfigMaps store non-confidential configuration data, enabling dynamic updates and easy application portability. Secrets securely manage sensitive information like passwords and tokens. By separating configuration and sensitive data from application code, Kubernetes enhances security, flexibility, and adherence to best practices. Let's understand these concepts better through hands-on examples.
ConfigMaps
A ConfigMap is a Kubernetes resource used to store non-confidential data in key-value pairs. It allows you to decouple configuration artifacts from image content to keep containerized applications portable.
Example
Create a Pod with an Environment Variable
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  labels:
    name: myapp-pod
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
    env:
    - name: FIRSTNAME
      value: "shivam"
The above YAML file (pod.yaml) creates a pod with the BusyBox image. It sets an environment variable FIRSTNAME within the container. Apply this file and open a shell in the container to check the environment variable:
kubectl apply -f pod.yaml
kubectl exec -it myapp -- sh
echo $FIRSTNAME # Output will be "shivam"
Create a ConfigMap
Next, we'll create a ConfigMap to store these values and inject it into the Pod.
kubectl create configmap app-cm --from-literal=firstname=shivam --from-literal=lastname=gautam
Inject ConfigMap into a Pod
Now, modify the Pod definition to use the ConfigMap:
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  labels:
    name: myapp-pod
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ["sh", "-c", "echo The app is running! && sleep 3600"]
    env:
    - name: FIRSTNAME
      valueFrom:
        configMapKeyRef:
          name: app-cm
          key: firstname
Apply this YAML file:
kubectl apply -f pod.yaml
When you describe the Pod, you will see that the FIRSTNAME environment variable is now sourced from the ConfigMap.
Declarative ConfigMap Creation
If you have many key-value pairs, creating a ConfigMap from the command line can be cumbersome. Instead, you can create it declaratively using a YAML file. You can generate this file with an imperative command:
kubectl create configmap app-cm --from-literal=firstname=shivam --from-literal=lastname=gautam --dry-run=client -o yaml > cm.yaml
This will generate a cm.yaml file:
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-cm
data:
  firstname: shivam
  lastname: gautam
Apply this YAML file:
kubectl apply -f cm.yaml
ConfigMaps can also be used by mounting them as volumes, which we will cover in future posts in this series. You can also learn more about ConfigMaps from the official documentation.
Secret in Kubernetes
A Secret is similar to a ConfigMap but is used to store confidential data, such as passwords, OAuth tokens, and SSH keys.
For a better understanding, I highly recommend doing some hands-on practice. You can find more detailed information in the official Kubernetes documentation on Secrets.
By using ConfigMaps and Secrets, you can manage configuration and sensitive data efficiently and securely in Kubernetes, making your applications more portable, secure, and easy to manage.